Vulnerabilities and Protection of Cyber-Physical Systems (CPS)

The digital and physical worlds are becoming more tightly interwoven every year. Smart electrical grids, autonomous cars, distributed sensors in far-flung locations, and more make it clear that the world is becoming more digitized. Conversely, as digital worlds intersect more with physical reality, there is an evolution occurring in terms of connected devices blending physical inputs and outputs with digital technology. 

Known as cyber-physical systems, or CPS, this class of equipment integrates sensing, computation, control, and networking into physical objects and infrastructure, connecting them to the Internet and to each other, according to the National Science Foundation.

Physical and digital behaviors are intertwined in these technologies, which is why smart grids are a classic example of CPS. There are physical inputs and outputs within the electrical system to flow power to needed locations, ensuring that electricity is where it’s needed most. Digital sensors communicate back the needed information to effect a physical change. 

Cyber-physical systems also have their own specific risks for defenders to be concerned with as they become more prominent in more industries. 

What Makes Up a Cyber-Physical System? 

Cyber-physical systems emerged from the convergence of OT and IT, including devices that sense, control, or analyze the physical world, along with their networking and computational infrastructure. They have much in common with embedded systems and are often used in similar industrial applications, but the distinction lies in blending digital and physical inputs and outputs. Embedded systems are the digital brain of the machine. What turns a device into a cyber-physical system is the integration of the two input classes. 

This is why autonomous cars are considered a cyber-physical system. Driverless vehicles may eventually interact with each other, with smart roads, and with traffic signals to streamline the flow of passenger and commercial vehicles. Airplanes will communicate with each other, and drones could provide WiFi to disaster areas while scanning for damage. 

Cyber-physical systems form the core of what’s called Industry 4.0. Manufacturing companies use internet-enabled machinery, such as pumps or compressors, that can self-monitor and generate information about its own functioning. This machinery features sensors and can communicate with other associated entities. These devices are thus entirely autonomous.

Risks Facing Cyber-Physical Systems 

Attacks on cyber-physical systems can combine weaknesses in the digital world and the physical one. In history’s most famous CPS hack – the Stuxnet attack that caused centrifuges making nuclear material to spin self-destructively – knowledge of both IT and the physical characteristics of centrifuges was necessary. Other examples include attempts to poison water supplies by altering the quantities of normal inputs.  

Take a smart city, for example. Sensors deployed to monitor environmental factors could be damaged either maliciously or through inattention, or they may be stolen; either outcome interrupts the operation of the smart city’s cyber-physical systems. Sensors in public parks to monitor air quality are often hardened to avoid tampering.

In terms of other attacks, there are a few possibilities: 

  • Network-based attacks focus on exploiting vulnerabilities in the network infrastructure, including weak access controls or ineffective intrusion detection systems. An insecure network can act as a perfect entry point for attackers, and cyber-physical systems are complicated enough that even one weakness can cause issues. These include eavesdropping attacks that involve listening in and recording network traffic, and replay attacks that intercept data in transit to then replay it later for unauthorized access.
  • Software-based attacks are where threat actors take advantage of identified vulnerabilities in firmware or control software to compromise the device. This includes data injection, remote code execution, or a distributed denial-of-service (DDoS) attack. These are the “classic” cyberattacks that traditional IT defenses are built to detect and respond to.
  • Hardware-based attacks use weaknesses in physical components like processors or USB devices to gain unauthorized access to the physical domain. These vulnerabilities can result from design flaws, manufacturing defects, outdated firmware or software running on the hardware, or inadequate security. 
  • Side-channel attacks use information like power consumption or electromagnetic emissions that arise during normal operations to infer sensitive data. Through analyzing these unintended side-channel signals, attackers may be able to uncover cryptographic keys, passwords, or other confidential information.
  • Insider attacks, whether malicious or accidental, occur when employees with higher privileges expose sensitive information to a malicious third party. Strict access control rules, the principle of least privilege, and role-based access control (RBAC) policies are vital protections against insider threats.
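
As an added illustration of the replay attacks named in the network-based bullet above (example code written for this article, not part of the Asimily platform): a controller can reject replayed sensor frames by authenticating each frame with an HMAC and requiring both a fresh timestamp and a strictly increasing per-device counter. The key, frame layout, device name, and 30-second window are assumptions chosen for the example.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"   # constructed sample key, not a real secret
MAX_SKEW_S = 30                 # assumed freshness window, in seconds
TAG_LEN, FIELDS_LEN = 32, 24    # HMAC-SHA256 tag; packed counter+timestamp+reading


def seal(device_id: str, counter: int, ts: int, reading: float, key: bytes = KEY) -> bytes:
    """Sensor side: serialize one reading and append an HMAC-SHA256 tag."""
    body = device_id.encode() + b"|" + struct.pack(">QQd", counter, ts, reading)
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Verifier:
    """Controller side: accept each authenticated frame at most once."""

    def __init__(self, key: bytes = KEY):
        self.key = key
        self.last_counter = {}  # device_id -> highest counter accepted so far

    def accept(self, frame: bytes, now: int):
        if len(frame) <= TAG_LEN + FIELDS_LEN:
            return (False, "malformed")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            return (False, "bad-mac")
        device_id = body[:-FIELDS_LEN - 1].decode()
        counter, ts, _reading = struct.unpack(">QQd", body[-FIELDS_LEN:])
        # Freshness bounds how long a captured frame stays usable, even if the
        # counter state below is lost (for example after a controller restart).
        if abs(now - ts) > MAX_SKEW_S:
            return (False, "stale")
        # A strictly increasing counter rejects replays inside the window.
        if counter <= self.last_counter.get(device_id, -1):
            return (False, "replay")
        self.last_counter[device_id] = counter
        return (True, "ok")


def demo():
    """Run constructed frames through a controller and one restarted controller."""
    v = Verifier()
    f1 = seal("pump-7", 1, 1000, 3.2)          # constructed device and values
    tampered = f1[:10] + bytes([f1[10] ^ 1]) + f1[11:]
    return [v.accept(f1, 1002)[1], v.accept(f1, 1005)[1],
            v.accept(tampered, 1005)[1], Verifier().accept(f1, 5000)[1]]
```

The counter alone fails if the controller loses state, and the timestamp alone allows replays inside the window, which is why the check uses both.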

The blend of digital and physical threats to cyber-physical systems makes them unique in terms of defensive needs. Ensuring that physical hardware is protected from in-person threats and digital systems are secure from cyberattacks are both necessary, especially as the sprawl of cyber-physical systems continues throughout the world. 

How Asimily Helps Protect Cyber-Physical Systems 

The Asimily platform is designed with the protection of connected systems in mind. It passively scans network architecture for IoT devices, which are key parts of cyber-physical systems, and surfaces key details such as MAC address, model, firmware version, and any possible vulnerabilities. Non-passive means, such as correlating with other IoT databases, are possible as well. This helps build an inventory of your system, ensuring that you can keep track of every component of a cyber-physical system. 

Asset scanning to reveal vulnerabilities also ensures that your security team can focus on the highest-risk hardware and software weaknesses. By emphasizing the vulnerabilities with the greatest potential for exploitation, security teams can ensure that cyber-physical systems remain secure. 

Asimily identifies high-risk vulnerabilities with our proprietary, patented algorithm that cross-references vast amounts of data from sources like EPSS (Exploit Prediction Scoring System), Software Bills of Material (SBOMs), Common Vulnerability and Exposure (CVE) lists, and NIST Guidelines.

When mitigating vulnerabilities, Asimily customers are 10x more efficient because the engine can pinpoint and prioritize the top 2% of problem devices that are High-Risk (High Likelihood of exploitation and High Impact if compromised). Asimily’s recommendations can be applied through seamless integration with NACs, firewalls, or other network enforcement solutions.

The Asimily platform is also built with anomalous behavior detection. Asimily monitors network traffic to and from IoT devices for potentially malicious activity. This ensures that connected equipment isn’t communicating with unauthorized destinations, among many other policies that come with Asimily or are augmented by customers. Tracking this behavior helps with incident response as well, ensuring that security teams can more easily perform forensic analysis with the data they need at the start.

Security teams can also use Asimily’s Risk Simulator to test how to mitigate the risk from hardware or software vulnerabilities. Simulating a fix can help determine criticality and whether attackers will even try to breach the system. That’s critical information when deciding how to improve corporate security posture.

Asimily empowers security teams to pinpoint potential weaknesses, vulnerabilities, and their severity, as well as contextualize the data to help you prioritize remediation and reduce true risk. With Asimily, customers can protect what really matters.

To find out more about how Asimily can help improve your organization’s security posture, download our white paper, IoT Device Security in 2024: The High Cost of Doing Nothing. To get started immediately, contact us today.
